[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
This bug was fixed in the package openssl - 1.0.2g-1ubuntu14

---
openssl (1.0.2g-1ubuntu14) bionic; urgency=medium

  * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
    - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
      crypto/x509v3/v3_addr.c.
    - CVE-2017-3735
  * SECURITY UPDATE: bn_sqrx8x_internal carry bug on x86_64
    - debian/patches/CVE-2017-3736.patch: fix carry bug in
      bn_sqrx8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3736
  * debian/patches/fix_armhf_ftbfs.patch: fix build with gcc-7.2 on
    armhf. (LP: #1729850)

 -- Marc Deslauriers  Mon, 06 Nov 2017 07:56:00 -0500

** Changed in: openssl (Ubuntu Bionic)
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1729850

Title:
  artful openssl FTBFS on armhf

Status in binutils package in Ubuntu: Invalid
Status in gcc-7 package in Ubuntu: Invalid
Status in openssl package in Ubuntu: Fix Released
Status in binutils source package in Artful: Invalid
Status in gcc-7 source package in Artful: Invalid
Status in openssl source package in Artful: Fix Released
Status in binutils source package in Bionic: Invalid
Status in gcc-7 source package in Bionic: Invalid
Status in openssl source package in Bionic: Fix Released

Bug description:
  openssl FTBFS on artful armhf with the following:

    ../util/shlib_wrap.sh ./sha256t
    Testing SHA-256
    TEST 1 of 3 failed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1729850/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
This bug was fixed in the package openssl - 1.0.2g-1ubuntu13.2

---
openssl (1.0.2g-1ubuntu13.2) artful-security; urgency=medium

  * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
    - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
      crypto/x509v3/v3_addr.c.
    - CVE-2017-3735
  * SECURITY UPDATE: bn_sqrx8x_internal carry bug on x86_64
    - debian/patches/CVE-2017-3736.patch: fix carry bug in
      bn_sqrx8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3736
  * debian/patches/fix_armhf_ftbfs.patch: fix build with gcc-7.2 on
    armhf. (LP: #1729850)

 -- Marc Deslauriers  Mon, 06 Nov 2017 07:56:00 -0500

** Changed in: openssl (Ubuntu Artful)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-3735

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-3736

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
This is a deliberate change in binutils-2.29, which changes how the ADR
instruction works with Thumb function symbols:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=52a86f843b6dee1de9977293da9786649b146b05

There are some changes in openssl which work around this:
https://git.openssl.org/?p=openssl.git;a=commit;h=11208dcfb9105e8afa37233185decefd45e89e17
https://git.openssl.org/?p=openssl.git;a=commit;h=b82acc3c1a7f304c9df31841753a0fa76b5b3cda

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
** Changed in: gcc-7 (Ubuntu)
       Status: New => Invalid

** Changed in: binutils (Ubuntu)
       Status: New => Invalid

** Also affects: binutils (Ubuntu Bionic)
   Importance: Undecided
       Status: Invalid

** Also affects: openssl (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: gcc-7 (Ubuntu Bionic)
   Importance: Undecided
       Status: Invalid

** Also affects: binutils (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: gcc-7 (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Changed in: gcc-7 (Ubuntu Artful)
       Status: New => Invalid

** Changed in: binutils (Ubuntu Artful)
       Status: New => Invalid

** Changed in: openssl (Ubuntu Artful)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Artful)
       Status: Confirmed => In Progress

** Changed in: openssl (Ubuntu Artful)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu Bionic)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
I also verified that with this workaround for the first instruction, the
non-NEON path passes the test, by removing this block from
sha256-armv4.S:

    #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
        ldr r12,.LOPENSSL_armcap
        ldr r12,[r3,r12]        @ OPENSSL_armcap_P
        tst r12,#ARMV8_SHA256
        bne .LARMv8
        tst r12,#ARMV7_NEON
        bne .LNEON
    #endif

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
I stepped through 2 builds side-by-side in gdb - one good build built
with gcc 7.1, and one bad build, built with gcc 7.2. I managed to narrow
it down to a bug in sha256_block_data_order.

One of the first differences I spotted was that the good build branches
almost immediately to a NEON code path (sha256_block_data_order_neon),
whereas the broken build continues on the non-NEON code path.

If we look at the first few instructions of sha256_block_data_order in a
good build:

    0xf7699c60 <+0>:     sub     r3, pc, #8
    0xf7699c64 <+4>:     ldr     r12, [pc, #-40] ; 0xf7699c44
    0xf7699c68 <+8>:     ldr     r12, [r3, r12]

The first instruction basically loads the address of the start of the
function into %r3, which we can see if we step past it:

    (gdb) info registers
    r0             0x413558         4273496
    r1             0x413580         4273536
    r2             0x1              1
    r3             0xf7699c60       4150893664
    r4             0x413558         4273496
    r5             0xfffef35c       4294898524
    r6             0x0              0
    r7             0x413580         4273536
    r8             0x0              0
    r9             0xf77efab8       4152294072
    r10            0xf77b9dec       4152073708
    r11            0x0              0
    r12            0x0              0
    sp             0xfffef2c8       0xfffef2c8
    lr             0xf7697e5c       -144081316
    pc             0xf7699c64       0xf7699c64
    cpsr           0x80080010       -2146959344
    (gdb) p sha256_block_data_order
    $1 = {} 0xf7699c60

The second instruction loads a value from an address 40 bytes before the
instruction into %r12. Looking in sha256-armv4.S, this value is
"OPENSSL_armcap_P - sha256_block_data_order", or the offset of
OPENSSL_armcap_P from the start of sha256_block_data_order.

The third instruction loads the value of OPENSSL_armcap_P into %r12.

Stepping through these instructions gives this state:

    (gdb) info registers
    r0             0x413558         4273496
    r1             0x413580         4273536
    r2             0x1              1
    r3             0xf7699c60       4150893664
    r4             0x413558         4273496
    r5             0xfffef35c       4294898524
    r6             0x0              0
    r7             0x413580         4273536
    r8             0x0              0
    r9             0xf77efab8       4152294072
    r10            0xf77b9dec       4152073708
    r11            0x0              0
    r12            0x3              3
    sp             0xfffef2c8       0xfffef2c8
    lr             0xf7697e5c       -144081316
    pc             0xf7699c6c       0xf7699c6c
    cpsr           0x80080010       -2146959344

So the value of OPENSSL_armcap_P is 3, which causes the following
instructions to take the NEON path:

    0xf7699c6c <+12>:    tst     r12, #16
    0xf7699c70 <+16>:    bne     0xf769b660
    0xf7699c74 <+20>:    tst     r12, #1
    0xf7699c78 <+24>:    bne     0xf769aa60

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
Continuing debugging the broken build, if we look at the first few
instructions of sha256_block_data_order:

    0x004160c0 <+0>:     subw    r3, pc, #3
    0x004160c4 <+4>:     ldr.w   r12, [pc, #-36] ; 0x4160a4
    0x004160c8 <+8>:     ldr.w   r12, [r3, r12]

This looks similar to before - the intention being that %r3 is loaded
with the address of the start of the function, %r12 is loaded with the
offset of OPENSSL_armcap_P from the start of the function, then %r12 is
loaded with the value of OPENSSL_armcap_P.

However, the first instruction is broken - the #3 should be a #4.
Stepping past it produces this state:

    (gdb) info registers
    r0             0x4b7558         4945240
    r1             0x4b7580         4945280
    r2             0x1              1
    r3             0x4160c1         4284609
    r4             0x4b7558         4945240
    r5             0xfffef44c       4294898764
    r6             0x0              0
    r7             0x4b7580         4945280
    r8             0x3              3
    r9             0xfffef44c       4294898764
    r10            0x0              0
    r11            0x0              0
    r12            0x0              0
    sp             0xfffef3b8       0xfffef3b8
    lr             0x414387         4277127
    pc             0x4160c4         0x4160c4
    cpsr           0x40080030       1074266160
    (gdb) p sha256_block_data_order
    $1 = {} 0x4160c0

Now, %r3 is the address of the start of the function, off-by-1.
Continuing to step through demonstrates that we load the wrong value
into %r12, and this causes the non-NEON code path to be executed, which
somehow doesn't work.

If I step past these first 3 instructions, and then write the expected
value of OPENSSL_armcap_P into %r12, the test completes successfully:

    (gdb) info registers
    r0             0x4b7558         4945240
    r1             0x4b7580         4945280
    r2             0x1              1
    r3             0x4160c1         4284609
    r4             0x4b7558         4945240
    r5             0xfffef44c       4294898764
    r6             0x0              0
    r7             0x4b7580         4945280
    r8             0x3              3
    r9             0xfffef44c       4294898764
    r10            0x0              0
    r11            0x0              0
    r12            0x1000000        16777216
    sp             0xfffef3b8       0xfffef3b8
    lr             0x414387         4277127
    pc             0x4160cc         0x4160cc
    cpsr           0x40080030       1074266160
    (gdb) set $r12 = 3
    (gdb) info registers
    r0             0x4b7558         4945240
    r1             0x4b7580         4945280
    r2             0x1              1
    r3             0x4160c1         4284609
    r4             0x4b7558         4945240
    r5             0xfffef44c       4294898764
    r6             0x0              0
    r7             0x4b7580         4945280
    r8             0x3              3
    r9             0xfffef44c       4294898764
    r10            0x0              0
    r11            0x0              0
    r12            0x3              3
    sp             0xfffef3b8       0xfffef3b8
    lr             0x414387         4277127
    pc             0x4160cc         0x4160cc
    cpsr           0x40080030       1074266160
    (gdb) cont
    Continuing.
    Testing SHA-256 .
    Breakpoint 1, EVP_Digest (data=0x47f38c, count=56, md=0xfffef44c "\272x\026\277\217\001\317\352AA@\336]\256\"#\260\003a\243\226\027z\234\264\020\377a\362", size=0x0, type=0x4aff00 , impl=0x0) at digest.c:353
    353 digest.c: No such file or directory.
    (gdb)

Yay!

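Added example, not part of the original thread or of OpenSSL: a small C model of the entry sequence debugged above, showing why `#8` is right in ARM state, `#4` in Thumb state, and how the off-by-one `#3` shifts the OPENSSL_armcap_P load by one byte and changes the dispatch. The memory image is constructed (only the value 3 comes from the thread), and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability bits as tested in the thread's disassembly. */
#define ARMV7_NEON   1u   /* tst r12, #1  */
#define ARMV8_SHA256 16u  /* tst r12, #16 */

/* Constructed memory image: OPENSSL_armcap_P = 3 (value from the thread),
 * followed by a constructed neighbouring word whose low byte is 0x01. */
static const uint8_t MEM[8] = { 0x03, 0, 0, 0,  0x01, 0, 0, 0 };
#define ARMCAP_OFF 0u     /* offset of OPENSSL_armcap_P inside MEM */

/* Value PC reads as in a PC-relative SUB: instruction address + 8 in ARM
 * state, word-aligned instruction address + 4 in Thumb state. */
static uint32_t pc_read(uint32_t insn, int thumb)
{
    return thumb ? ((insn + 4u) & ~3u) : insn + 8u;
}

/* r3 after "sub r3, pc, #imm" located at address insn. */
static uint32_t sub_from_pc(uint32_t insn, uint32_t imm, int thumb)
{
    return pc_read(insn, thumb) - imm;
}

/* r12 after "ldr r12, [r3, r12]". r12 held (armcap - func), so any error
 * in r3 moves the load address by the same number of bytes. */
static uint32_t load_armcap(uint32_t r3, uint32_t func)
{
    uint32_t off = ARMCAP_OFF + (r3 - func);
    return (uint32_t)MEM[off] | (uint32_t)MEM[off + 1] << 8 |
           (uint32_t)MEM[off + 2] << 16 | (uint32_t)MEM[off + 3] << 24;
}

/* Dispatch at function entry: 2 = ARMv8 SHA-256, 1 = NEON, 0 = integer. */
static int dispatch(uint32_t armcap)
{
    if (armcap & ARMV8_SHA256) return 2;
    if (armcap & ARMV7_NEON)   return 1;
    return 0;
}

static void show(const char *name, uint32_t func, uint32_t imm, int thumb)
{
    uint32_t r3 = sub_from_pc(func, imm, thumb);
    uint32_t cap = load_armcap(r3, func);
    printf("%-20s r3=0x%08x armcap=0x%08x path=%d\n",
           name, (unsigned)r3, (unsigned)cap, dispatch(cap));
}

int main(void)
{
    show("ARM   sub  pc,#8", 0xf7699c60u, 8, 0);  /* good build   */
    show("Thumb subw pc,#3", 0x004160c0u, 3, 1);  /* broken build */
    show("Thumb sub  pc,#4", 0x004160c0u, 4, 1);  /* workaround   */
    return 0;
}
```
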
[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
The incorrect instruction at the start of sha256_block_data_order comes
from the ADR pseudo-instruction in sha256-armv4.S:

    .global sha256_block_data_order
    .type   sha256_block_data_order,%function
    sha256_block_data_order:
    #if __ARM_ARCH__<7
        sub r3,pc,#8        @ sha256_block_data_order
    #else
        adr r3,sha256_block_data_order
    #endif

The ADR instruction assembles to a SUB in our case, and it appears to do
this incorrectly in Thumb mode. Adding a binutils task for this.

** Also affects: binutils (Ubuntu)
   Importance: Undecided
       Status: New

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
On the broken build, the first thing to notice is that when entering
sha256_block_data_order, we are running in Thumb mode, as bit 5 of the
status register is set:

    (gdb) info registers
    r0             0x4b7558         4945240
    r1             0x4b7580         4945280
    r2             0x1              1
    r3             0x0              0
    r4             0x4b7558         4945240
    r5             0xfffef44c       4294898764
    r6             0x0              0
    r7             0x4b7580         4945280
    r8             0x3              3
    r9             0xfffef44c       4294898764
    r10            0x0              0
    r11            0x0              0
    r12            0x0              0
    sp             0xfffef3b8       0xfffef3b8
    lr             0x414387         4277127
    pc             0x4160c0         0x4160c0
    cpsr           0x40080030       1074266160

The good build was not running in Thumb mode.

sha256-armv4.S enables Thumb instructions if __thumb2__ is defined by
the compiler, see:

    .text
    #if __ARM_ARCH__<7
    .code   32
    #else
    .syntax unified
    # ifdef __thumb2__
    .thumb
    # else
    .code   32
    # endif
    #endif

Sure enough, there's a difference between the 2 tested gcc builds.

Bad build:

    $ gcc -dM -E - < /dev/null | grep __thumb2__
    #define __thumb2__ 1
    $

Good build:

    $ gcc -dM -E - < /dev/null | grep __thumb2__
    $

Looking in the changelog for gcc-7, I see the following comment for
7.2.0-2:

  * Restore configuring with --with-mode=thumb on armhf. Closes: #873584.

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
Changing the start of sha256_block_data_order in sha256-armv4.S to avoid
the use of the ADR pseudo-instruction like this:

    .global sha256_block_data_order
    .type   sha256_block_data_order,%function
    sha256_block_data_order:
    #ifdef __thumb2__
        sub r3,pc,#4        @ sha256_block_data_order
    #else
        sub r3,pc,#8        @ sha256_block_data_order
    #endif

... seems to work:

    $ ../util/shlib_wrap.sh ./sha256t
    Testing SHA-256 ... passed.
    Testing SHA-224 ... passed.

[Touch-packages] [Bug 1729850] Re: artful openssl FTBFS on armhf
It FTBFS with gcc 7.2 in artful and bionic, but builds fine with gcc 7.1
that was previously in artful. Openssl 1.0.2m fails in the same way.